CVE-2022-4031

The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.
Configurations

Configuration 1 (hide)

cpe:2.3:a:simple-press:simple\:press:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2022-11-29 21:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-4031

Mitre link : CVE-2022-4031

CVE.ORG link : CVE-2022-4031


JSON object : View

Products Affected

simple-press

  • simple\
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')